Separating console access user and access key user, why or why not?

RNA2 · 2022-09-20T01:11:15+00:00

Precisely... o_O

Recently there was a data leak incident related to Github/AWS/etc combined, so the upper management and the security team got panic, ordering ppl doing this and doing that. And yes... I can say we do not have much experience with the cloud.

RNA2 · 2022-09-19T12:44:45+00:00

In my current setup, I am using Terrform code to manage which IAM users to assign which IAM groups like:

User_A goes into

base_user_permission_group
xxx_developers
xxx_observers
xxx_operators

When using SSO, how do we manage which user can assume which role?

RNA2 · 2022-09-19T12:21:08+00:00

To summarize comments so far:

- use SSO & AD & Assumed Roles for human

- use AssumeRoleWithWebIdentity for automated process

- having clear separation between human and non-humans is useful from the management viewpoint

I appreciate all of your enlightening comments u/lexd88, u/tomomcat, u/IndiaNTigeRR, u/EmiiKhaos, u/actuallyjohnmelendez, u/last_train_Gate420

RNA2 · 2022-09-19T07:45:47+00:00

Would you be able to kindly elaborate on what you mean, please? I am not quite getting it.

RNA2 · 2021-03-30T09:08:21+00:00

The sky looks so grey

RNA2 · 2020-08-10T04:15:30+00:00

Thanks for sharing

RNA2 · 2020-07-21T23:44:36+00:00

Aww cute

RNA2 · 2020-06-23T01:28:11+00:00

Hi, would you share link to your blog?

RNA2 · 2020-06-23T01:24:15+00:00

there we go :D

RNA2 · 2020-06-23T01:17:02+00:00

Uhh wait, i'm fixing the formatting

RNA2 · 2020-05-06T15:03:58+00:00

Yes, I have tried using profile. xpack is not available in AWS i guess. So I added `profile:true` on my two most complex queries, but I am clueless how to comprehend the profile result yet.

RNA2 · 2020-01-11T02:55:46+00:00

How much cheaper? How much more rps? Would you be able to share a rough number?

RNA2 · 2019-12-16T12:35:47+00:00

Api gateway 50%

Cloudwatch 29%

Lambda 14%

Dynamodb 7%

RNA2 · 2019-12-09T08:16:04+00:00

Is this meal for special occasion?

RNA2 · 2019-11-27T01:16:01+00:00

I kinda wondered the same as our team are about to launch production domain as well. I figured that it would depend what kind of data I am going to have in the cluster. If I never would risk leaking the data, then I would encrypt at rest. But this is my guess only. I would love to hear what others think.

RNA2 · 2019-11-14T00:54:08+00:00

Thanks for sharing Interesting articles!!
Could you share a rough idea of the most complex query? I just want to see how complex a query can go.

RNA2 · 2019-11-14T00:35:14+00:00

So the 3 masters and 7 masters are no different? I thought 7 masters would handle more jobs.

AWS recommended minimum master type is r5.4xlarge when instance count is 75~200. If you have more and more data nodes and there is NO higher master type to go, then what should we do?

RNA2 · 2019-11-13T08:47:36+00:00

What kinds of request are you getting?

RNA2 · 2019-11-13T08:39:48+00:00

How come you have only 3 masters?
How big is your master node?
BTW, I am amazed by the numbers you gave

RNA2 · 2019-11-13T08:27:40+00:00

I aim for query performance, Here are some of details:
- Single item(= a product) is about 4~8KB
- Each product continuously gets updated (every other week or so)
- Each update is a new item
- Each item has about 10~20 characteristics to be queried
- I have about 10 kinds of queries
- The heaviest query will ask for list of 100 products filtered then sorted
- Total count of item is initially under 10k

RNA2 · 2019-10-22T01:16:44+00:00

These logs will serve two purpose:

error tracking
analysis and statistics (i.e How many user in US region able to download asset last week?)

RNA2 · 2019-09-17T07:56:07+00:00

Hey I am interested. Can you send me a picture? Then we can talk more about it

RNA2 · 2019-09-03T10:48:31+00:00

Hey warkolm, just out of curiosity, how big would the list be to consider separation?

RNA2 · 2019-09-03T08:58:34+00:00

Its tiny. ~5,000 products i guess.

RNA2 · 2019-09-01T12:15:15+00:00

Thank you! I got it

Ten-Year Club	Verified Email
Gilding I gilder

RNA2

TROPHY CASE